All Products
Search
Document Center

Simple Log Service:Grant permissions

Last Updated:Jun 16, 2026

To ship data from Simple Log Service to MaxCompute by using a RAM role, grant data shipping permissions and shipping job management permissions to the role.

Overview

Data shipping from Simple Log Service to MaxCompute requires the following permissions:

  • Data read and write permissions: the permissions to read data from Simple Log Service logstores and write data to MaxCompute tables.

  • Shipping job management permissions: the permissions to create, delete, modify, and view MaxCompute data shipping jobs.

Permissions to read and write data

Operation

Authorization method

Description

Configure permissions to read data from a logstore

Read data from a logstore by using a default role

Allow Simple Log Service to assume AliyunLogDefaultRole to read data from the source logstore.

Read data from a logstore by using a custom role

Allow Simple Log Service to assume a custom RAM role to read data from the source logstore.

Configure permissions to write data to MaxCompute

Authorize the default role for MaxCompute (same-account shipping)

Allow a MaxCompute data shipping job to assume AliyunLogDefaultRole to write data from a Simple Log Service logstore to a MaxCompute table.

Write data to MaxCompute by using a custom role

Allow a MaxCompute data shipping job to assume a custom RAM role to write data from a Simple Log Service logstore to a MaxCompute table.

Permissions to manage data shipping jobs

Before RAM users can manage data shipping jobs, they must be authorized to do so. For more information, see Authorize a RAM user to manage MaxCompute delivery tasks.